在FastAPI中實現用戶認證和授權通常需要使用第三方庫來處理身份驗證和權限管理。常用的庫包括fastapi-users,PyJWT和Passlib。
以下是一個簡單的示例,演示如何在FastAPI中實現基本的用戶認證和授權:
pip install fastapi fastapi-users PyJWT Passlib
from pydantic import BaseModel
from fastapi_users import FastAPIUsers, BaseUserManager, BaseUser
class User(BaseUser):
pass
class UserCreate(BaseModel):
username: str
password: str
class UserManager(BaseUserManager[UserCreate, User]):
async def get_user(self, username: str) -> User:
# 實現獲取用戶的邏輯
pass
async def create_user(self, user: UserCreate) -> User:
# 實現創建用戶的邏輯
pass
user_manager = UserManager(User)
fastapi_users = FastAPIUsers(user_manager)
from fastapi import FastAPI, Depends
from fastapi_users.authentication import JWTAuthentication
from fastapi_users.db import SQLAlchemyUserDatabase
from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
SECRET = "SECRET_KEY"
DATABASE_URL = "sqlite:///./test.db"
Base = declarative_base()
engine = create_engine(DATABASE_URL)
app = FastAPI()
user_db = SQLAlchemyUserDatabase(User, engine, Base)
jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600)
@app.post("/register")
async def register(user: UserCreate):
user = await user_db.create(user)
return user
@app.post("/login")
async def login(user: UserCreate):
user = await user_db.authenticate(user)
token = await jwt_authentication.get_login_response(user)
return token
這樣就可以完成基本的用戶認證和授權功能。用戶注冊時會調用/register路由,登錄時會調用/login路由。在登錄成功后會返回一個JWT令牌,用戶可以在后續請求中使用該令牌進行授權驗證。
請注意,這只是一個簡單的示例,實際項目中可能需要根據具體情況進行更詳細的配置和定制化。FastAPI提供了豐富的功能和擴展性,可以根據需求進行靈活的調整和擴展。
